Main menu

Post navigation

I’ve been getting a lot of false positives from Comodo these days

I'm so irresponsible; I had actually forgotten I was using Comodo DNS until now. I only did it because the entry to nyaa.eu propagated to Comodo DNS almost a whole day before Verizon the last time it was down.

It makes me feel a little bit better about this site being in various blacklists, including Avast’s, that the main website of the host itself is blocked by Comodo. It shows that lots of innocent people get in these lists, even businesses. It’s not just their DNS though; I’ve been having weird false alarms going off with lots of well-known, safe programs lately. It must have been a recent update, since I’ve been using Comodo firewall for a few years and I’ve had very few problems. Granted, I had to hire Professor Frink to help me open ports in the dozen different panes you have to repeat the same basic rule in, but once I got it working correctly, it more or less stayed that way. You really do need to be crazy aggressive in reading documentation to properly open ports in this firewall though. Even once you figure it out, you may not know that you still have to make a few more global rules or move some other rules around so that your new rule has higher priority than other rules that might nullify it. It’s not intuitive at all. Just clicking “Treat as trusted application” doesn’t cut it, unfortunately. But once you figure out the practical aspects of using the firewall, it seems fine. It does its job and even has a useful feature where you can view the IP addresses to which each program you’re running are connecting. You can expand and collapse lists of IP addresses for different programs. TCPView had this feature but it crashes if there are too many entries, which is almost always the case if you’re running a P2P program. It’s a useful feature when you know a program is phoning home and you want to block the IP address it’s connecting to.

Anyway, it’s the “Defense+” and “Sandbox Security” features that have been giving some funny false positives lately. For example, since an update or two ago it’s been prompting me to run Silkroad and VLC in the sandbox whenever I try to launch them. It makes sense that it would recognise SRO as something potentially dangerous since Gameguard is basically a rootkit, but VLC is surprising. There was another one too that I now forgot. I think it was NeroAACEnc but it might have been something else audio-related. In any case, it’s mildly frustrating. It’s not frustrating enough to make me want to switch back to ZoneAlarm, which gave me many BSODs for some reason, but it’s still a minor annoyance. Like brushing one’s teeth.